By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
424,489 Members | 1,932 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 424,489 IT Pros & Developers. It's quick & easy.

Custom login form

P: n/a
Can anyone coach me in a custom log-in screen? I have a table set up
with users and a password. So basically the user sign in form would
authenticate the user
and password (IF - Then). What I need help with is how to write the SQL
that verifies the User-Password relationship from the table.
Pseudo-Code would be something like:
"If User and Password MATCH
Then Allow them in"
The SQL syntax has me stumped...
Any ideas? Thanks in advance!

Jan 8 '07 #1
Share this Question
Share on Google+
7 Replies


P: n/a
I can advise that homegrown "security lite" is worse than none, because it
gives you a false feeling of security, but can easily defeated by any
moderately-knowledgeable user.

If you are being forced to implement such homegrown "security lite", please
tell the client/management that, and look into Access' security. If they
still insist, you have covered yourself when/if that "security lite" is
broken, as it is very likely to be.

But, if this was your idea of "securing an application", stop, and look into
Access security. It, too, can be broken but will require a
more-than-moderately-knowledgeable user, or some expenditure. Information
about the "Security FAQ" can be located using Advanced Search on the
Knowledge Base at http://support.microsoft.com. Specifically, the Access
2000 Security FAQ is described in an article at
http://support.microsoft.com/kb/207793/en-us.

There is a "password" format which displays a string of asterisks **** when
the user enters a password. As we don't know the fields in your table, we
couldn't give you exact code, anyway. If you've GOTTA do the security lite,
post back with details of your "user and password" table, and the names of
the textboxes on your form for entering those values, and I'm sure someone
can help with code.

Larry
"Parasyke" <kr************@yahoo.comwrote in message
news:11**********************@42g2000cwt.googlegro ups.com...
Can anyone coach me in a custom log-in screen? I have a table set up
with users and a password. So basically the user sign in form would
authenticate the user
and password (IF - Then). What I need help with is how to write the SQL
that verifies the User-Password relationship from the table.
Pseudo-Code would be something like:
"If User and Password MATCH
Then Allow them in"
The SQL syntax has me stumped...
Any ideas? Thanks in advance!

Jan 8 '07 #2

P: n/a
My Table is really simple "UserName" (key field) and "Password"
I have the astericks format already set up on the form in the Password
textbox. This is a low-level security to avoid the .mdw routine (which
I've successfully implemented before, but would be a nightmare for this
long-story/unique situation application). I have the form's data source
being this table.

So I need something like:

If Me.TextBoxUser MATCHES Me.TextboxPassword
Then Let them in

My mental hurdle is simply how to do the verification by association of
the Name and Password.

Thanks again for any clues!
Dav

Larry Linson wrote:
I can advise that homegrown "security lite" is worse than none, because it
gives you a false feeling of security, but can easily defeated by any
moderately-knowledgeable user.

If you are being forced to implement such homegrown "security lite", please
tell the client/management that, and look into Access' security. If they
still insist, you have covered yourself when/if that "security lite" is
broken, as it is very likely to be.

But, if this was your idea of "securing an application", stop, and look into
Access security. It, too, can be broken but will require a
more-than-moderately-knowledgeable user, or some expenditure. Information
about the "Security FAQ" can be located using Advanced Search on the
Knowledge Base at http://support.microsoft.com. Specifically, the Access
2000 Security FAQ is described in an article at
http://support.microsoft.com/kb/207793/en-us.

There is a "password" format which displays a string of asterisks **** when
the user enters a password. As we don't know the fields in your table, we
couldn't give you exact code, anyway. If you've GOTTA do the security lite,
post back with details of your "user and password" table, and the names of
the textboxes on your form for entering those values, and I'm sure someone
can help with code.

Larry
"Parasyke" <kr************@yahoo.comwrote in message
news:11**********************@42g2000cwt.googlegro ups.com...
Can anyone coach me in a custom log-in screen? I have a table set up
with users and a password. So basically the user sign in form would
authenticate the user
and password (IF - Then). What I need help with is how to write the SQL
that verifies the User-Password relationship from the table.
Pseudo-Code would be something like:
"If User and Password MATCH
Then Allow them in"
The SQL syntax has me stumped...
Any ideas? Thanks in advance!
Jan 8 '07 #3

P: n/a
Just use a DLookup on the table.

X = DLookup("Password", "tblLogins", "Username = ' " & me.txtUserName &
" ' ")

if X = me.txtPassword then
msgbox "You're one of the good guys!"
else
msgbox "You suck!"
docmd.quit
end if

You may need to tweak that code a bit, it's off the cuff and I didn't
feel checking it for errors.

Parasyke wrote:
My Table is really simple "UserName" (key field) and "Password"
I have the astericks format already set up on the form in the Password
textbox. This is a low-level security to avoid the .mdw routine (which
I've successfully implemented before, but would be a nightmare for this
long-story/unique situation application). I have the form's data source
being this table.

So I need something like:

If Me.TextBoxUser MATCHES Me.TextboxPassword
Then Let them in

My mental hurdle is simply how to do the verification by association of
the Name and Password.

Thanks again for any clues!
Dav
Jan 8 '07 #4

P: n/a
You could save the user from entering passwords by looking up the current
windows login. Assuming users are not sharing a logged-in computer.

if isnull(DLookup("[Username]","tblLogins", "Username='" &
Environ$("UserName") & "'")) then
msgbox "No Access"
docmd quit
end if
"ManningFan" <ma********@gmail.comwrote in message
news:11**********************@s34g2000cwa.googlegr oups.com...
Just use a DLookup on the table.

X = DLookup("Password", "tblLogins", "Username = ' " & me.txtUserName &
" ' ")

if X = me.txtPassword then
msgbox "You're one of the good guys!"
else
msgbox "You suck!"
docmd.quit
end if

You may need to tweak that code a bit, it's off the cuff and I didn't
feel checking it for errors.

Parasyke wrote:
My Table is really simple "UserName" (key field) and "Password"
I have the astericks format already set up on the form in the Password
textbox. This is a low-level security to avoid the .mdw routine (which
I've successfully implemented before, but would be a nightmare for this
long-story/unique situation application). I have the form's data source
being this table.

So I need something like:

If Me.TextBoxUser MATCHES Me.TextboxPassword
Then Let them in

My mental hurdle is simply how to do the verification by association of
the Name and Password.

Thanks again for any clues!
Dav

Jan 8 '07 #5

P: n/a
On Mon, 8 Jan 2007 12:32:05 -0600, "paii, Ron" <pa**@packairinc.com>
wrote:
>You could save the user from entering passwords by looking up the current
windows login. Assuming users are not sharing a logged-in computer.

if isnull(DLookup("[Username]","tblLogins", "Username='" &
Environ$("UserName") & "'")) then
msgbox "No Access"
docmd quit
end if
Now there's a great idea. That way an unauthorized user would have
half the work done for them!
Jan 8 '07 #6

P: n/a
>>if isnull(DLookup("[Username]","tblLogins", "Username='" &
>>Environ$("UserName") & "'")) then
msgbox "No Access"
docmd quit
end if
Now there's a great idea. That way an unauthorized user would have
half the work done for them!
More like 90%. ;-)

HTH.
Gunny

See http://www.QBuilt.com for all your database needs.
See http://www.Access.QBuilt.com for Microsoft Access tips and tutorials.
http://www.Access.QBuilt.com/html/ex...ributors2.html for contact
info.
"Oscar Meyer" <Os***@yahoo.comwrote in message
news:6t********************************@4ax.com...
On Mon, 8 Jan 2007 12:32:05 -0600, "paii, Ron" <pa**@packairinc.com>
wrote:
>>You could save the user from entering passwords by looking up the current
windows login. Assuming users are not sharing a logged-in computer.

if isnull(DLookup("[Username]","tblLogins", "Username='" &
Environ$("UserName") & "'")) then
msgbox "No Access"
docmd quit
end if
Now there's a great idea. That way an unauthorized user would have
half the work done for them!

Jan 8 '07 #7

P: n/a

"Oscar Meyer" <Os***@yahoo.comwrote in message
news:6t********************************@4ax.com...
On Mon, 8 Jan 2007 12:32:05 -0600, "paii, Ron" <pa**@packairinc.com>
wrote:
You could save the user from entering passwords by looking up the current
windows login. Assuming users are not sharing a logged-in computer.

if isnull(DLookup("[Username]","tblLogins", "Username='" &
Environ$("UserName") & "'")) then
msgbox "No Access"
docmd quit
end if
Now there's a great idea. That way an unauthorized user would have
half the work done for them!
There is no security with a username / password form if someone can sit at a
logged-in windows computer and use the system. I would assume the reason for
this type of form would be to help the normal user by controlling access to
fields and forms. If so, why force them to enter a useless password?
Jan 8 '07 #8

This discussion thread is closed

Replies have been disabled for this discussion.